https://signoz.io
Join Slack
Menu
Home
Archive
This message was deleted.
# support
s
This message was deleted.
v
Currently on the agent collector side I have this log :
Copy code
2022-06-13T10:19:20.149Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: addrConn.createTransport failed to connect to {signoz-otel-collector.apm.svc.cluster.local:4317 signoz-otel-collector.apm.svc.cluster.local:4317 <nil> <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"    {"grpc_log": true}
And on the signoz collector side I have this log :
Copy code
signoz-otel-collector 2022-06-13T11:35:23.876Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xf5\\x01\\x00\\x00\\xf1\\x03\\x03\\xe4VlZE\\xd2\\xe4\\xe9\\xc6\\x1b\\x86/`\""    {"grpc_log": true}
So I'd like to enable TLS since it appears to be not enabled according to the error message. The client seems to expect a SSL handshake but the server does not answer appropiately
p
@Valentin Baert can you share the config that you used?
v
On the signoz collector I'm using the helm charts + these values.yaml override :
Copy code
helm upgrade --install signoz signoz/signoz --namespace "apm" --create-namespace     --values override-values.yaml
Copy code
clickhouse:
  user: "admin"
  password: "xxxxx"
  cloud: gcp
  installCustomStorageClass: true
  persistence:
    storageClass: gce-resizable

otelCollector:
  config:
    receivers:
      otlp/auth:
        protocols:
          grpc:
            endpoint: 0.0.0.0:4317
            auth:
              authenticator: oidc
    extensions:
      oidc:
        issuer_url: <https://xxxxx.com/>
        audience: <https://xxxxx.com/>
    service:
      extensions: [health_check, zpages, oidc]
      pipelines:
        traces:
          receivers: [jaeger, otlp/auth]
          processors: [signozspanmetrics/prometheus, batch]
          exporters: [clickhousetraces]
        metrics:
          receivers: [otlp/auth, hostmetrics]
          processors: [batch]
          exporters: [clickhousemetricswrite]
Then I have deployed cert-manager and the open telemetry operator for kubernetes :
Copy code
helm upgrade --install     cert-manager jetstack/cert-manager     --namespace cert-manager     --create-namespace     --version v1.8.0     --set installCRDs=true     --set prometheus.enabled=false


kubectl apply -f <https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml>
Then I have deployed a OpenTelemetryCollector to automate injecting a sidecar :
Copy code
apiVersion: <http://opentelemetry.io/v1alpha1|opentelemetry.io/v1alpha1>
kind: OpenTelemetryCollector
metadata:
    name: otel-sidecar-signoz
spec:
    mode: sidecar
    image: otel/opentelemetry-collector-contrib:0.43.0
    config: |

        extensions:
          oauth2client:
            client_id: xxxxx
            client_secret: xxxxx
            token_url: <https://xxxxx.com/api/auth/v1/oauth/token>

        receivers:
          otlp:
            protocols:
              grpc:
                endpoint: localhost:4317

        processors:

        exporters:
          otlp/auth:
            endpoint: signoz-otel-collector.apm.svc.cluster.local:4317
            auth:
              authenticator: oauth2client

        service:
          extensions:
            - oauth2client
          pipelines:
            traces:
              receivers:
                - otlp
              processors: []
              exporters:
                - otlp/auth
The sidecar injector properly detects when a Deployment has the annotation (
<http://sidecar.opentelemetry.io/inject|sidecar.opentelemetry.io/inject>: "true"
) and starts a sidecar container. However that sidecar container fails to send data to the signoz collector with the following error :
Copy code
2022-06-13T10:19:20.149Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: addrConn.createTransport failed to connect to {signoz-otel-collector.apm.svc.cluster.local:4317 signoz-otel-collector.apm.svc.cluster.local:4317 <nil> <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"    {"grpc_log": true}
The same error on the signoz collector side :
Copy code
signoz-otel-collector 2022-06-13T11:35:23.876Z    warn    zapgrpc/zapgrpc.go:191    [core[] grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: http2Server.HandleStreams received bogus greeting from client: \"\\x16\\x03\\x01\\x00\\xf5\\x01\\x00\\x00\\xf1\\x03\\x03\\xe4VlZE\\xd2\\xe4\\xe9\\xc6\\x1b\\x86/`\""    {"grpc_log": true}
So I guess I must me missing something on the signoz otel collector side because it seems it wants an unsecured connection whereas I'd like it to want an secured tls connection. I'm trying to find in the docs how I should configure the otel collector on signoz to accept authenticated connections but I'm struggling to find the appropriate documentation to do this. I'm not sure how all of this fits together using the cert-manager deployment.
p
@Valentin Baert we haven't tested oauthclient/oidc authenticators yet. Like previously mentioned, we have only tested BasicAuth and it works as expected.
Also, we are using v0.45.X since recent release.
313 Views
Open in Slack
PreviousNext
Powered by

SigNoz Community

SigNoz is an open-source APM. It helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.

Powered by